Some protocols (like git-remote-ext) can execute arbitrary code
found in the URL. The URLs that submodules use may come from
arbitrary sources (e.g., .gitmodules files in a remote
repository), and can hurt those who blindly enable recursive
fetch. Restrict the allowed protocols to well known and safe
ones.